A blog covering security and security technology.
  1. Fooling Automated Surveillance Cameras with Patchwork Color Printout

    Nice bit of adversarial machine learning. The image from this news article is most of what you need to know, but here's the research paper....
  2. Vulnerability in French Government Tchap Chat App

    A researcher found a vulnerability in the French government WhatsApp replacement app: Tchap. The vulnerability allows anyone to surreptitiously join any conversation. Of course the developers will fix this vulnerability. But it is amusing to point out that this is exactly the backdoor that GCHQ is proposing....
  3. G7 Comes Out in Favor of Encryption Backdoors

    From a G7 meeting of interior ministers in Paris this month, an "outcome document": Encourage Internet companies to establish lawful access solutions for their products and services, including data that is encrypted, for law enforcement and competent authorities to access digital evidence, when it is removed or hosted on IT servers located abroad or encrypted, without imposing any particular technology...
  4. Excellent Analysis of the Boeing 737 Max Software Problems

    This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker. But the fields are closely related and there are a lot of lessons for IoT security -- and the security of complex socio-technical systems in general -- in here....
  5. Friday Squid Blogging: New Squid Species off the New Zealand Coast

    There's a new diversity of species. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here....
  6. Iranian Cyberespionage Tools Leaked Online

    The source code of a set of Iranian cyberespionage tools was leaked online....
  7. New DNS Hijacking Attacks

    DNS hijacking isn't new, but this seems to be an attack of unprecedented scale: Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains --...
  8. A "Department of Cybersecurity"

    Presidential candidate John Delaney has announced a plan to create a Department of Cybersecurity. I have long been in favor of a new federal agency to deal with Internet -- and especially Internet of Things -- security. The devil is in the details, of course, and it's really easy to get this wrong. In Click Here to Kill Everybody, I...
  9. More on the Triton Malware

    FireEye is releasing much more information about the Triton malware that attacks critical infrastructure. It has been discovered in more places. This is also a good -- but older -- article on Triton. We don't know who wrote it. Initial speculation was Iran; more recent speculation is Russia. Both are still speculations. Fireeye report. BoingBoing post....
  10. Vulnerabilities in the WPA3 Wi-Fi Security Protocol

    Researchers have found several vulnerabilities in the WPA3 Wi-Fi security protocol: The design flaws we discovered can be divided in two categories. The first category consists of downgrade attacks against WPA3-capable devices, and the second category consists of weaknesses in the Dragonfly handshake of WPA3, which in the Wi-Fi standard is better known as the Simultaneous Authentication of Equals (SAE)...

Copyright © 2019 • All Rights Reserved.Simple Systems of Vermont LLC
1 High Street • Brandon, VT 05733 • Contact Us • Privacy Policy